zoukankan      html  css  js  c++  java
  • Samba Server 配置

    1.Issue:Server requested plaintext password but 'client plaintext auth' is disabled 
      session setup failed: SUCCESS - 0 
    I tried 'smbclient -s foo.conf //server/dir' where foo.conf has: 
    [global] 
          client plaintext auth = yes 
    But the results are the same. 
    You have to set 'client lanman auth = yes'.  Otherwise, 
    'client plaintext auth' is forced off. 

    2.Issue:Can Samba “security = user” be used for guest share without Windows login prompt?
    http://serverfault.com/questions/211128/can-samba-security-user-be-used-for-guest-share-without-windows-login-prompt

    3.Samba服务所使用的端口和协议:
    * Port 137 (UDP) - NetBIOS name service and nmbd  
    * Port 138 (UDP) - NetBIOS datagram service   
    * Port 139 (TCP) - File and printer sharing and smbd    
    * Port 389 (TCP) - for LDAP (Active Directory Mode)   
    * Port 445 (TCP) - NetBIOS was moved to 445 after 2000 and beyond, (CIFS)   
    * Port 901 (TCP) - for SWAT

    *Samba是一种网络文件共享协议,允许不同操作系统,不同平台的机器之间通过网络实现文件访问控制。
    *特别是允许Windows系统访问Unix系统的文件。Samba服务一般开启有两个端口139 TCP 445TCP。

    4.配置Samba服务器:
    可以参考的有价值的文档有: man samba  / man smbd / man smb.conf
    配置文件主要有: /etc/samba/smb.conf  /etc/pam.d/samba
    客户端测试工具: Windows 网络邻居查看计算机 / Linux smbclient
    配置时查看服务运行状态的日志文件主要有:
    *Samba进程日志 /var/log/samba/* (smbd.log / IP.log)
    *系统授权日志:/var/log/auth.log
    *系统日志:/var/log/syslog

    6.smb.conf 的一些重要选项:

    [global]
       workgroup = WORKGROUP
       netbios name = Samab-Server
       dns proxy = no
       log file = /var/log/samba/log.%m
       max log size = 1000
       syslog = 0
       panic action = /usr/share/samba/panic-action %d

       security = share                         #常用的还有 security = user
       guest ok = yes                           
       encrypt passwords = yes       # 密码加密,如果设置成NO,Windows系统访问不能正常(要修改注册表才能正常访问,因为Windows作为客户端访问时,默认加密密码)

       client lanman auth = yes    
       client plaintext auth = yes

    [pub]
       comment = Users profiles
       path = /ftp/pub
       browseable = yes
    有关encrypt passwords = yes: 当设置成yes时PAM 授权控制全部被忽略(因为PAM不能处理加密过的授权控制);设置成NO时,Windows系统默认不能访问,此时CMD下使用 net use Z: //samba-server/pub  出现1240Error。除非修改系统注册表EnablePlantPassword才行。参见参考微软支持网站:
    http://support.microsoft.com/kb/224287
    http://answers.microsoft.com/en-us/windows/forum/windows_xp-windows_update/kb2536276-windows-xp-pc-get-system-error-58-when/d9dbdde5-2666-4423-b47c-fbdb80b995d9

    6.为了兼容Windows系统,设置encrypt passwords = yes 貌似是必须的。但又想使用PAM方式认证用户:
    配置:
    security = user
    encrypt passwords = yes
    obey pam restrictions = yes
    测试发现可以开启Samba服务的PAM方式认证用户。

    7.使用SSH使得远程访问MYSQL更加安全
    http://www.j-cn.org/post/754.html
    http://ig2net.info/archives/788.html

  • 相关阅读:
    Longest Palindromic Substring
    PayPal MLSE job description
    Continuous Median
    Remove Duplicates From Linked List
    Valid IP Address
    Longest substring without duplication
    Largest range
    Subarray sort
    Multi String Search
    Suffix Trie Construction
  • 原文地址:https://www.cnblogs.com/glory-jzx/p/4584767.html
Copyright © 2011-2022 走看看